使用Forms身份验证首次登录asp.net mvc后强制用户更改密码

本文介绍了使用Forms身份验证首次登录asp mvc后强制用户更改密码的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有一个与表单身份验证安全客户端一起使用的mvc应用程序，所有管理用户都是在服务器端使用wcf协议制作的. 并且在服务器站点中，我将用户tocken保存在sessoin中

I'm have a mvc app that use with form authentication security client and all the manage user's is made in server side with wcf protocol. and in the server site I'm saving the user tocken in the sessoin

string token = Srv.ValidateUser(out isNewUser, model.UserName, model.Password, model.IdentityNumber); if (!string.IsNullOrEmpty(token)) { Session["Token"] = token; }

使用此令牌可以在服务中标识 和用户名，形式为认证

with this token I Identifies in the services and the user name in the form authentication

FormsAuthentication.SetAuthCookie(model.UserName, false);

现在我不知道如何在首次登录后或密码过期后强制用户更改密码. 我的配置是:

and now I dont know how to force user change password after first login or after password expired. My config is:

<system.web> <sessionState mode="InProc" cookieless="true" timeout="20" /> <authentication mode="Forms"> <forms path="/" loginUrl="~/Account/Login" /> </authentication> <authorization> <allow users="*" /> <deny users="?" /> </authorization> <identity impersonate="true" /> <compilation debug="true" targetFramework="4.5.1" /> <httpRuntime targetFramework="4.5" /> </system.web> <system.webServer> <modules> <remove name="FormsAuthenticationModule" /> </modules> <validation validateIntegratedModeConfiguration="false" /> </system.webServer>

有人可以帮助我吗?

推荐答案

在您的登录后操作中，您可以像这样检查LastPasswordChangedDate:

In your Login post action, you can check LastPasswordChangedDate like so:

var currentUser = Membership.GetUser(model.Email); if (currentUser != null) { if (currentUser.LastPasswordChangedDate == currentUser.CreationDate) { // User has not changed password since created. return RedirectPermanent("Login/?userName=" + model.Email); } }